Hi,
in Debian 11 with f2b version 0.11.2-2 the issue with "journalmatch" seems to
be fixed, but now the filter is wrong.
/etc/fail2ban/filter.d/sshd.conf
# consider failed publickey for invalid users only:
cmnfailre-failed-pub-invalid = ^Failed publickey for invalid user <F-USER>(?P<cond_user>\S+)|(?:(?! from ).)*?</F-USER> from <HOST>%(__on_port_opt)s(?: ssh\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)
The log output in systemd does not match; the regex has to be changed to
something like:
cmnfailre-failed-pub-invalid = ^Failed publickey for <F-USER>(?P<cond_user>\S+)|(?:(?! from ).)*?</F-USER> from <HOST>%(__on_port_opt)s(?: ssh\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)
Daniel
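
To see which sshd messages each variant of the rule accepts, this added example (not part of the original report or of fail2ban) compiles both regexes with Python's `re` module, which fail2ban itself uses. The `<F-USER>` and `<HOST>` tags are written out as named groups; the `HOST` and `ON_PORT_OPT` expansions are simplified assumptions, and the log lines are constructed.

```python
import re

# Assumed expansions (not on the page): simplified stand-ins for fail2ban's
# <HOST> tag and the %(__on_port_opt)s interpolation.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
ON_PORT_OPT = r"(?: (?:port \d+|on \S+)){0,2}"

# Shared tail of both rules; <F-USER>...</F-USER> becomes the group "user".
TAIL = (r"(?P<user>(?P<cond_user>\S+)|(?:(?! from ).)*?) from " + HOST
        + ON_PORT_OPT
        + r"(?: ssh\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)")

SHIPPED = re.compile(r"^Failed publickey for invalid user " + TAIL)
PROPOSED = re.compile(r"^Failed publickey for " + TAIL)

# Constructed sshd messages (syslog/journal prefix already stripped).
SAMPLES = [
    "Failed publickey for invalid user admin from 192.0.2.10 port 51234 ssh2: RSA SHA256:constructed",
    "Failed publickey for root from 192.0.2.10 port 51234 ssh2: ED25519 SHA256:constructed",
    "Accepted publickey for root from 192.0.2.10 port 51234 ssh2: ED25519 SHA256:constructed",
]


def classify(pattern, line):
    """Return (user, host) if the line counts as a failure, else None."""
    m = pattern.search(line)
    return (m.group("user"), m.group("host")) if m else None


def report():
    """Pair the shipped and proposed results for every sample line."""
    return [(classify(SHIPPED, s), classify(PROPOSED, s)) for s in SAMPLES]


if __name__ == "__main__":
    for line, (shipped, proposed) in zip(SAMPLES, report()):
        print(f"shipped={shipped} proposed={proposed} :: {line}")
```

With these samples the proposed rule also matches the failed key for the existing account `root`, and for the invalid-user line it captures the user as `invalid user admin` rather than `admin`.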